I was just checking my registry and also noticed it appeared as an 020
object in Hijackthis:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\Notify\!SASWinLogon
I was just checking my registry and also noticed it appeared as an 020
object in Hijackthis:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\Notify\!SASWinLogon
lessmalwareiscool@nohotmail.org wrote:
> I was just checking my registry and also noticed it appeared as an 020
> object in Hijackthis:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
> \Notify\!SASWinLogon
That is our Winlogon handler - if you want the full capabilities of the
detection and removal to be functional that needs to be there.
Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
Far Canal wrote:
> Nick Skrepetos wrote
>
> >
> > lessmalwareiscool@nohotmail.org wrote:
> > > I was just checking my registry and also noticed it appeared as an 020
> > > object in Hijackthis:
> > >
> > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
> > > \Notify\!SASWinLogon
> >
> > That is our Winlogon handler - if you want the full capabilities of the
> > detection and removal to be functional that needs to be there.
> >
>
> Is it necessary for the free version of your program to be running all
> the time? It's using up resources for no reason as there's no real-time
> scanning and it's wasteful downloading updates every 8 hours. I'd be
> very surprised if anyone is scanning their computer more than once a
> week, cos it takes so long.
The Free Edition does not download the definitions automatically - the
user must do that - the Professional Edition does download (checks for
new) every 8 hours. Based upon how often we see people downloading the
definitions, the users of the free *are* scanning more than a few times
per week as they check for definitions before scanning.
The 3.3 version is over 40% faster on the scanning - the reality is, if
you want to find the malware, you have to scan everywhere - the
scanners that do the "fast" scans aren't scanning everywhere - I think
you will see the scans on competitor products taking longer - that's
what we have seen as they must scan more files and more files takes
more time.
As for resources - Windows swaps out everything so even if the Task
Manager reports that an application is using X amount of memory, if the
application is dormant, as in the case of SUPERAntiSpyware Free Edition
- most of it will be in the Page File. The usre can also make the
choice not to run the Free Edition all the time, and can use it only as
"on demand".
Many users keep the product running to quickly access the "What's
running on your computer" that links to the FileResearchCenter to
quickly check out their computer.
Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
Far Canal wrote:
> Nick Skrepetos wrote
>
> >
> > Far Canal wrote:
> > > Nick Skrepetos wrote
> > >
> > > >
> > > > lessmalwareiscool@nohotmail.org wrote:
> > > > > I was just checking my registry and also noticed it appeared as an 020
> > > > > object in Hijackthis:
> > > > >
> > > > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
> > > > > \Notify\!SASWinLogon
> > > >
> > > > That is our Winlogon handler - if you want the full capabilities of the
> > > > detection and removal to be functional that needs to be there.
> > > >
> > >
> > > Is it necessary for the free version of your program to be running all
> > > the time? It's using up resources for no reason as there's no real-time
> > > scanning and it's wasteful downloading updates every 8 hours. I'd be
> > > very surprised if anyone is scanning their computer more than once a
> > > week, cos it takes so long.
> >
> > The Free Edition does not download the definitions automatically - the
> > user must do that - the Professional Edition does download (checks for
> > new) every 8 hours. Based upon how often we see people downloading the
> > definitions, the users of the free *are* scanning more than a few times
> > per week as they check for definitions before scanning.
> >
> > The 3.3 version is over 40% faster on the scanning - the reality is, if
> > you want to find the malware, you have to scan everywhere - the
> > scanners that do the "fast" scans aren't scanning everywhere - I think
> > you will see the scans on competitor products taking longer - that's
> > what we have seen as they must scan more files and more files takes
> > more time.
> >
> > As for resources - Windows swaps out everything so even if the Task
> > Manager reports that an application is using X amount of memory, if the
> > application is dormant, as in the case of SUPERAntiSpyware Free Edition
> > - most of it will be in the Page File. The usre can also make the
> > choice not to run the Free Edition all the time, and can use it only as
> > "on demand".
> >
> > Many users keep the product running to quickly access the "What's
> > running on your computer" that links to the FileResearchCenter to
> > quickly check out their computer.
> >
> >
>
> Thaanks for the info. I appreciate a complete scan takes time, which is
> why I don't do it too often. I prefer prevention. I'd not be happy to
> see your program picking up malware on every scan. I'm surprised you
> use ActiveX for your "What's running" feature. That's the one component
> of Windows I avoid like the plague.
You have touched on one of the biggest problems today - the
misinformation regarding technologies such as "ActiveX" - ActiveX is
not bad - it in fact has many viable and productive uses such as what
we do with it on our File Research Center, and online virus,
anti-spyware scanners, etc. etc. etc.. The XPI/XPCOM plugin
architecture in Firefox shares the same risks as ActiveX does for the
Internet Explorer platform. If a user installs it - the plugin has free
reign on the system. You will see more and more harmful XPI/XPCOM
components released as the popularity of Firefox rises - that's the
only reason you see so many "harmful" ActiveX plugins - IE has had over
90% of the browser market for years. There was no other target platform
for the spyware writers to go after.
More people today are probably infected by .EXE files that they
download to share files, watch videos, steal software (keygens/cracks)
than the ActiveX infections. Are .EXE files bad? They are a vehicle for
the spread of malware just as ActiveX is....
What needs to happen is education - not the, typically uneducated,
propaganda of saying "ActiveX is bad". I think this will make a great
blog topic for this weeks security blog:
http://superantispyware.blogspot.com
Understand, I am not targeting you here - it just is time that people
truely understand the facts and properly educate instead of just
reiterating a canned "ActiveX is bad"
Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
Leythos wrote:
> In article <1162186501.862987.318910@k70g2000cwa.googlegroups .com>,
> nskrepetos@yahoo.com says...
> > What needs to happen is education - not the, typically uneducated,
> > propaganda of saying "ActiveX is bad". I think this will make a great
> > blog topic for this weeks security blog:
> > http://superantispyware.blogspot.com
> >
> > Understand, I am not targeting you here - it just is time that people
> > truely understand the facts and properly educate instead of just
> > reiterating a canned "ActiveX is bad"
>
> ActiveX is a sign that the website developer didn't follow the standards
> for browser compatibility. Don't get me wrong, I have written many AX
> controls, but I don't do it any more.
>
> There is no need for ActiveX, in fact, while ActiveX is not the real
> problem, it's the common delivery method. That's like saying that
> Gasoline is not a threat, but people still get killed in fires started
> with it.
>
> I will tell people that ActiveX is bad for now, as there are too many
> people using it to make malicious code, and there are a LOT of people
> not using it any more, because of that fact.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
This is not a personal attack but I am trying to make people understand
the actual dangers, not the propaganda....
"ActiveX is a sign that the website developer didn't follow the
standards for browser compatibility" ??? There are two browsers in use
by 99% of the surfing public. That's yet even more uneducated
propaganda (you should no better than this) - There are basically two
platforms used to surfing the web by the "average" user (yes, I know
Opera, Safari, etc. etc.) - IE and Mozilla/Firefox - so sites that want
to do things such as our File Research Center, Online Virus/Spyware
scanning, etc. should use those technologies (ActiveX/XPCOM) to create
that type of software. The alternative is writing things in Java - but,
in my opinion that would be a waste of our resources - it is slower and
we would have to rewrite our complete engines. Java can infect the same
way ActiveX/XPCOM can.
Why not educate people to look where they are surfing and learn how to
see if a site is good or bad vs just telling them "ActiveX is bad" - if
people were not surfing porn and trying to steal software, and get
everything for free 99.99% of infections would not happen. It's like
having unprotected sex - bad things can happen if you don't take safety
precautions and learn what you are doing....
This is why we get people saying our site (and others) is/are bad -
because people tell them ActiveX is bad. Do you tell people Cars are
bad? Planes are bad? Gasoline is bad? Java also can infect a machine
just as easily as ActiveX, do you tell people Java is bad? What about
videos......those infect machines - do you tell everyone videos are bad
too?
This is very interesting to me - people are completely misinformed -
this is why education of the public is so important - and people in the
front lines with "techical backgrounds" should educate the people as
you have the power to do so and should understand the facts and truths
and not just say "ActiveX is bad"........we, the technical users are
the ones that can make the difference.....so why not start?
Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
Leythos wrote:
> In article <1162223909.439096.62920@m7g2000cwm.googlegroups.c om>,
> nskrepetos@yahoo.com says...
> >
> > Leythos wrote:
> > > In article <1162186501.862987.318910@k70g2000cwa.googlegroups .com>,
> > > nskrepetos@yahoo.com says...
> > > > What needs to happen is education - not the, typically uneducated,
> > > > propaganda of saying "ActiveX is bad". I think this will make a great
> > > > blog topic for this weeks security blog:
> > > > http://superantispyware.blogspot.com
> > > >
> > > > Understand, I am not targeting you here - it just is time that people
> > > > truely understand the facts and properly educate instead of just
> > > > reiterating a canned "ActiveX is bad"
> > >
> > > ActiveX is a sign that the website developer didn't follow the standards
> > > for browser compatibility. Don't get me wrong, I have written many AX
> > > controls, but I don't do it any more.
> > >
> > > There is no need for ActiveX, in fact, while ActiveX is not the real
> > > problem, it's the common delivery method. That's like saying that
> > > Gasoline is not a threat, but people still get killed in fires started
> > > with it.
> > >
> > > I will tell people that ActiveX is bad for now, as there are too many
> > > people using it to make malicious code, and there are a LOT of people
> > > not using it any more, because of that fact.
> > >
> >
> > This is not a personal attack but I am trying to make people understand
> > the actual dangers, not the propaganda....
>
> It's cool, I will not take it personally, and mine was not personal
> either.
>
> > "ActiveX is a sign that the website developer didn't follow the
> > standards for browser compatibility" ??? There are two browsers in use
> > by 99% of the surfing public. That's yet even more uneducated
> > propaganda (you should no better than this) - There are basically two
> > platforms used to surfing the web by the "average" user (yes, I know
> > Opera, Safari, etc. etc.) - IE and Mozilla/Firefox - so sites that want
> > to do things such as our File Research Center, Online Virus/Spyware
> > scanning, etc. should use those technologies (ActiveX/XPCOM) to create
> > that type of software. The alternative is writing things in Java - but,
> > in my opinion that would be a waste of our resources - it is slower and
> > we would have to rewrite our complete engines. Java can infect the same
> > way ActiveX/XPCOM can.
>
> The simple fact is that ActiveX was implemented by MS and is a poor way
> to build multi-platform tools and a poor way to force a user to use some
> browser that they won't want to use.
>
> ActiveX is a threat as most people have no clue as to what is good or
> what is bad or why it's even being used - if it wasn't a threat the IE
> Browser would not warn you about loading ActiveX controls when you click
> on one - even MS recommends that you not enable ActiveX.
>
> > Why not educate people to look where they are surfing and learn how to
> > see if a site is good or bad vs just telling them "ActiveX is bad" - if
> > people were not surfing porn and trying to steal software, and get
> > everything for free 99.99% of infections would not happen. It's like
> > having unprotected sex - bad things can happen if you don't take safety
> > precautions and learn what you are doing....
>
> Because there is no way to tell what sites are good and what sites are
> bad - you also know this. While I can feel 99.9% certain that the MS
> site is not a threat, that my bank site is not a threat, there is
> nothing to assure me that either site will not be compromised and then
> infect me with some ActiveX path.
>
> > This is why we get people saying our site (and others) is/are bad -
> > because people tell them ActiveX is bad. Do you tell people Cars are
> > bad? Planes are bad? Gasoline is bad? Java also can infect a machine
> > just as easily as ActiveX, do you tell people Java is bad? What about
> > videos......those infect machines - do you tell everyone videos are bad
> > too?
>
> ActiveX is a very common infection method, and it's self inflicted -
> your analogies don't match the threat example.
>
> I tell people that downloading MP3, AVI, MOV, etc... always presents a
> threat, and I don't allow Java-Applets to run on the client, same for
> ActiveX.
>
> > This is very interesting to me - people are completely misinformed -
> > this is why education of the public is so important - and people in the
> > front lines with "techical backgrounds" should educate the people as
> > you have the power to do so and should understand the facts and truths
> > and not just say "ActiveX is bad"........we, the technical users are
> > the ones that can make the difference.....so why not start?
>
> ActiveX is generally bad, any website that uses it should be avoided
> unless there is a valid reason to use that site. Using a browser that
> doesn't implement ActiveX is a good thing and should be a first choice.
>
> I have no means to warn users about all the malicious websites, but I
> can tell people that websites that implement ActiveX are not properly
> designed to be compatible with the world and should be avoided.
>
> I'm a very technical user, been in this since the 70's, design secure
> networks, so far, I've never had a managed machine compromised in all
> this time, and we strip ActiveX at the firewall along with many other
> things. I stand by my assertion that websites that implement ActiveX
> should be avoided and are a threat - since you have no means to validate
> if the control is malicious or not, and what is good today could be bad
> the next day.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
Wow - this really amazes me. I understand you are techical from the
70's - but things have changed since then...
I think I will save the rest of this for my blog - it's really sad to
see people spreading the propaganda of "ActiveX is Bad", "Microsoft
designed things incorrectly", etc. Firefox is subject to the same
attacks, if not more than IE - it's open source - I can look at the
source code, and have, and could design an attack very simply to
destroy Firefox user's - it's not about the platform - users should be
educated.....
-Nick
Nick Skrepetos wrote:
> Leythos wrote:
>
>>In article <1162186501.862987.318910@k70g2000cwa.googlegroups .com>,
>>nskrepetos@yahoo.com says...
>>
>>>What needs to happen is education - not the, typically uneducated,
>>>propaganda of saying "ActiveX is bad". I think this will make a great
>>>blog topic for this weeks security blog:
>>>http://superantispyware.blogspot.com
>>>
>>>Understand, I am not targeting you here - it just is time that people
>>>truely understand the facts and properly educate instead of just
>>>reiterating a canned "ActiveX is bad"
>>
>>ActiveX is a sign that the website developer didn't follow the standards
>>for browser compatibility. Don't get me wrong, I have written many AX
>>controls, but I don't do it any more.
>>
>>There is no need for ActiveX, in fact, while ActiveX is not the real
>>problem, it's the common delivery method. That's like saying that
>>Gasoline is not a threat, but people still get killed in fires started
>>with it.
>>
>>I will tell people that ActiveX is bad for now, as there are too many
>>people using it to make malicious code, and there are a LOT of people
>>not using it any more, because of that fact.
>
> This is not a personal attack but I am trying to make people understand
> the actual dangers, not the propaganda....
This does not have to be personal, Nick. But to assume that those who
choose not to use ActiveX, or Java, or IE, or OE, etc., do so because
they are misinformed or ignorant smacks of ... well, let's not go
there. [grin]
> "ActiveX is a sign that the website developer didn't follow the
> standards for browser compatibility" ??? There are two browsers in use
> by 99% of the surfing public. That's yet even more uneducated
> propaganda (you should no better than this) - There are basically two
> platforms used to surfing the web by the "average" user (yes, I know
> Opera, Safari, etc. etc.) - IE and Mozilla/Firefox - so sites that want
> to do things such as our File Research Center, Online Virus/Spyware
> scanning, etc. should use those technologies (ActiveX/XPCOM) to create
> that type of software. The alternative is writing things in Java - but,
> in my opinion that would be a waste of our resources - it is slower and
> we would have to rewrite our complete engines. Java can infect the same
> way ActiveX/XPCOM can.
Why do you IE fanboys [grin, let's keep this civil] continue to
fabricate statistics? But then again, 92,7% of all statistics,
including this one, are fabricated. That's what I told the idiot at my
bank's help desk when he claimed that 98% of their customers use IE. I
refuse to support a financial institution where the "technical" people
fabricate data. See Enron.
The fact of the matter is that IE's market share is now around 80%,
and falling. Google did not dump millions and millions of dollars into
Mozilla and Opera (the reason for Opera being freeware) for nothing.
http://www.w3schools.com/browsers/browsers_stats.asp
http://www.e-janco.com/browser.htm
http://marketshare.hitslink.com/report.aspx?qprid=0
There is some contention, that these statistics are actually skewed in
IE's favor due to UA-spoofing necessary to view the contents of sites
developed by the ignorati. IIUC, most Opera users typically use an IE
UA out of necessity. But that said, these numbers are of no use to
you, Nick. They have absolutely nothing to do with your market!
In corporate America (same applies to rest of the Windows-using
world), _this_ is a typical Windows setup:
OS: Windows 2K/XP
Office Suite: Office 2000/2003 Professional
Browser: IE
Email Client: Outlook/OE
AV: Enterprise Edition of NAV/NIS or McAfee*
AS: None or MSAS/Windows Defender*
*When Vista is released, these may change, somewhat gradually, to
Windows One Care Live. See the bundling of IE with Windows and how
that worked out for Netscape.
I would be suprised if the market share for IE/OE/Outlook for the
Fortune 500 companies is less than 99%. These people (multi-million
dollar IT departments) do _not_ purchase third-party anti-malware
solutions. These people were schooled by MS, and MS contends that it
is not only not necessary, it is not recommended.
And of course, these people already have the best anti-spyware
protection in place. "If you as an employee of this company download
malware on your company laptop/desktop, your employment will be
terminated." There is no license fee necessary for this solution.
Your market, Nick, is the Home/SOHO market. This can be divided in to
two groups --- the clueless and the not-so-clueless.
The clueless bought an OEM Windows box with NAV or McAfee installed,
and haven't updated their AV definitions since. They don't know what a
browser or email client is. And they don't know enough to wade through
the FUD and snake oil. When their boxes get compromised, they pay the
local "computer expert" $100-200 or more to clean up their systems.
These "experts" then install freeware AV and AS apps that never get
updated again until the next time their services are needed. The
"I-can-fix-your-box-for-$150" folks do _not_ recommend apps that
require license fees. It cuts into their profit margins.
And then there are the not-so-clueless Windows users. This is your
true market, Nick. These people are savvy enough to wade through the
FUD and snake oil, and make their security decisions accordingly. And
these people practice safe hex.
http://www.claymania.com/safe-hex.html
And part of safe hex (Rule #3) is not using IE/OE/Outlook. Even if
IE's share were 90% overall, and it's not, it is _way_ below 50% with
this crowd.
> Why not educate people to look where they are surfing and learn how to
> see if a site is good or bad vs just telling them "ActiveX is bad" - if
> people were not surfing porn and trying to steal software, and get
> everything for free 99.99% of infections would not happen. It's like
> having unprotected sex - bad things can happen if you don't take safety
> precautions and learn what you are doing....
Are all four of those 9s significant? [grin]
> This is why we get people saying our site (and others) is/are bad -
> because people tell them ActiveX is bad. Do you tell people Cars are
> bad? Planes are bad? Gasoline is bad? Java also can infect a machine
> just as easily as ActiveX, do you tell people Java is bad? What about
> videos......those infect machines - do you tell everyone videos are bad
> too?
You are correct. Java (and VBA, VBS, etc.) is just as risky. The
issue, of course, is default allow vs. default deny. No one should be
using Java or ActiveX with un-trusted sites. If your system is
supported by a multi-million dollar IT department, you can enable
anything that you want. On _any_ Home/SOHO box, however, both Java and
ActiveX should be disabled by default. I will leave it to the
interested reader to determine which of the above groups of Windows
users is qualified to decide when to allow either to be enabled.
> This is very interesting to me - people are completely misinformed -
> this is why education of the public is so important - and people in the
> front lines with "techical backgrounds" should educate the people as
> you have the power to do so and should understand the facts and truths
> and not just say "ActiveX is bad"........we, the technical users are
> the ones that can make the difference.....so why not start?
The best place to start, IMNSHO, is by not insulting your customer
base. I don't use IE, ActiveX or Java because I choose not to, not
because I am some ignorant, incompetent, misinformed buffoon. That is
one of the beauties of the current world. Being able to choose which
browser to use, which email client to use, and which sites are allowed
to have access to the data on my HD.
I haven't tried your ActiveX process utility, because 1) using it is
such a PITA with my setup, and 2) I have several other utilities that
do the same thing without ActiveX. IE is not my default browser, and
so your utility is not usable from your GUI. In order to use it, I have to
1) Open the page in FF.
2) Set IE's security to default settings (everything enabled).
3) Open IE.
4) C&P the link into IE.
5) Download the ActiveX control.
6) Run the utility.
7) Close IE.
8) Lock IE down again (Enough is Enough!).
As I said, a real PITA for a redundant utility. If I remember next
month when I use Microsoft Updates, I will try your utility before I
put IE away for another month.
I consider you, Nick, to be a stand-up guy and a friend, and I
consider SAS to be a great product. And I will continue to promote SAS
as a worthwhile AS solution, freeware and/or Pro. I don't care if you
develop ActiveX controls for your utilities, just please don't insult
those of us who choose not use them.
I would like you to do me a favor. When you post your blog about
"setting the record straight about ActiveX", take a poll among your
readers as to which browser(s) they are using. From my experience, I
would be shocked, absolutely shocked, if IE was exclusively used by
over 30% of those who frequent the security NGs and fora such as yours.
With the release of IE7, ActiveX is now optin. That means that by
default, for the first time in the history of ActiveX/IE, ActiveX is
disabled. I will leave it to the interested reader to determine which
of the above groups of Windows users is qualified to know how and when
to enable it.
It would appear that Microsoft has decided to go a different direction
WRT to ActiveX. Those who are interested can Google for replacing
ActiveX controls with user forms, .NET and several other options.
Justified or not, this would appear to be the reality.
Back in late 90s, before Firefox and Opera got their feet in the door,
this was the mantra.
The browser wars are over, and IE won. Get over it.
Allow me to be the first.
With the release of IE7, ActiveX is dead. Get over it.
Ron
Ron Lopshire wrote:
>part of safe hex (Rule #3) is not using IE/OE/Outlook. Even if
>IE's share were 90% overall, and it's not, it is _way_ below 50% with
>this crowd.
I use Outlook and IE and have never been infected by ANY malware. Some
people are simply clueless when it comes to safely traversing the
internet...I am not one of them.
I agree with your dislike for ActiveX. Any site that requires me to
load an ActiveX object is quickly sent to the bottom of my list for
any revisit (the exception being M$ update). I don't care who vouches
for a sites security, they simply don't get to load their software on
my computer. I even went to Nick's site (out of curiosity) and then
immediately closed it after discovering it uses ActiveX.
Ron Lopshire wrote:
> Nick Skrepetos wrote:
>
> > Leythos wrote:
> >
> >>In article <1162186501.862987.318910@k70g2000cwa.googlegroups .com>,
> >>nskrepetos@yahoo.com says...
> >>
> >>>What needs to happen is education - not the, typically uneducated,
> >>>propaganda of saying "ActiveX is bad". I think this will make a great
> >>>blog topic for this weeks security blog:
> >>>http://superantispyware.blogspot.com
> >>>
> >>>Understand, I am not targeting you here - it just is time that people
> >>>truely understand the facts and properly educate instead of just
> >>>reiterating a canned "ActiveX is bad"
> >>
> >>ActiveX is a sign that the website developer didn't follow the standards
> >>for browser compatibility. Don't get me wrong, I have written many AX
> >>controls, but I don't do it any more.
> >>
> >>There is no need for ActiveX, in fact, while ActiveX is not the real
> >>problem, it's the common delivery method. That's like saying that
> >>Gasoline is not a threat, but people still get killed in fires started
> >>with it.
> >>
> >>I will tell people that ActiveX is bad for now, as there are too many
> >>people using it to make malicious code, and there are a LOT of people
> >>not using it any more, because of that fact.
> >
> > This is not a personal attack but I am trying to make people understand
> > the actual dangers, not the propaganda....
>
> This does not have to be personal, Nick. But to assume that those who
> choose not to use ActiveX, or Java, or IE, or OE, etc., do so because
> they are misinformed or ignorant smacks of ... well, let's not go
> there. [grin]
>
> > "ActiveX is a sign that the website developer didn't follow the
> > standards for browser compatibility" ??? There are two browsers in use
> > by 99% of the surfing public. That's yet even more uneducated
> > propaganda (you should no better than this) - There are basically two
> > platforms used to surfing the web by the "average" user (yes, I know
> > Opera, Safari, etc. etc.) - IE and Mozilla/Firefox - so sites that want
> > to do things such as our File Research Center, Online Virus/Spyware
> > scanning, etc. should use those technologies (ActiveX/XPCOM) to create
> > that type of software. The alternative is writing things in Java - but,
> > in my opinion that would be a waste of our resources - it is slower and
> > we would have to rewrite our complete engines. Java can infect the same
> > way ActiveX/XPCOM can.
>
> Why do you IE fanboys [grin, let's keep this civil] continue to
> fabricate statistics? But then again, 92,7% of all statistics,
> including this one, are fabricated. That's what I told the idiot at my
> bank's help desk when he claimed that 98% of their customers use IE. I
> refuse to support a financial institution where the "technical" people
> fabricate data. See Enron.
>
> The fact of the matter is that IE's market share is now around 80%,
> and falling. Google did not dump millions and millions of dollars into
> Mozilla and Opera (the reason for Opera being freeware) for nothing.
>
> http://www.w3schools.com/browsers/browsers_stats.asp
> http://www.e-janco.com/browser.htm
> http://marketshare.hitslink.com/report.aspx?qprid=0
>
> There is some contention, that these statistics are actually skewed in
> IE's favor due to UA-spoofing necessary to view the contents of sites
> developed by the ignorati. IIUC, most Opera users typically use an IE
> UA out of necessity. But that said, these numbers are of no use to
> you, Nick. They have absolutely nothing to do with your market!
>
> In corporate America (same applies to rest of the Windows-using
> world), _this_ is a typical Windows setup:
>
> OS: Windows 2K/XP
> Office Suite: Office 2000/2003 Professional
> Browser: IE
> Email Client: Outlook/OE
> AV: Enterprise Edition of NAV/NIS or McAfee*
> AS: None or MSAS/Windows Defender*
>
> *When Vista is released, these may change, somewhat gradually, to
> Windows One Care Live. See the bundling of IE with Windows and how
> that worked out for Netscape.
>
> I would be suprised if the market share for IE/OE/Outlook for the
> Fortune 500 companies is less than 99%. These people (multi-million
> dollar IT departments) do _not_ purchase third-party anti-malware
> solutions. These people were schooled by MS, and MS contends that it
> is not only not necessary, it is not recommended.
>
> And of course, these people already have the best anti-spyware
> protection in place. "If you as an employee of this company download
> malware on your company laptop/desktop, your employment will be
> terminated." There is no license fee necessary for this solution.
>
> Your market, Nick, is the Home/SOHO market. This can be divided in to
> two groups --- the clueless and the not-so-clueless.
>
> The clueless bought an OEM Windows box with NAV or McAfee installed,
> and haven't updated their AV definitions since. They don't know what a
> browser or email client is. And they don't know enough to wade through
> the FUD and snake oil. When their boxes get compromised, they pay the
> local "computer expert" $100-200 or more to clean up their systems.
> These "experts" then install freeware AV and AS apps that never get
> updated again until the next time their services are needed. The
> "I-can-fix-your-box-for-$150" folks do _not_ recommend apps that
> require license fees. It cuts into their profit margins.
>
> And then there are the not-so-clueless Windows users. This is your
> true market, Nick. These people are savvy enough to wade through the
> FUD and snake oil, and make their security decisions accordingly. And
> these people practice safe hex.
>
> http://www.claymania.com/safe-hex.html
>
> And part of safe hex (Rule #3) is not using IE/OE/Outlook. Even if
> IE's share were 90% overall, and it's not, it is _way_ below 50% with
> this crowd.
>
> > Why not educate people to look where they are surfing and learn how to
> > see if a site is good or bad vs just telling them "ActiveX is bad" - if
> > people were not surfing porn and trying to steal software, and get
> > everything for free 99.99% of infections would not happen. It's like
> > having unprotected sex - bad things can happen if you don't take safety
> > precautions and learn what you are doing....
>
> Are all four of those 9s significant? [grin]
>
> > This is why we get people saying our site (and others) is/are bad -
> > because people tell them ActiveX is bad. Do you tell people Cars are
> > bad? Planes are bad? Gasoline is bad? Java also can infect a machine
> > just as easily as ActiveX, do you tell people Java is bad? What about
> > videos......those infect machines - do you tell everyone videos are bad
> > too?
>
> You are correct. Java (and VBA, VBS, etc.) is just as risky. The
> issue, of course, is default allow vs. default deny. No one should be
> using Java or ActiveX with un-trusted sites. If your system is
> supported by a multi-million dollar IT department, you can enable
> anything that you want. On _any_ Home/SOHO box, however, both Java and
> ActiveX should be disabled by default. I will leave it to the
> interested reader to determine which of the above groups of Windows
> users is qualified to decide when to allow either to be enabled.
>
> > This is very interesting to me - people are completely misinformed -
> > this is why education of the public is so important - and people in the
> > front lines with "techical backgrounds" should educate the people as
> > you have the power to do so and should understand the facts and truths
> > and not just say "ActiveX is bad"........we, the technical users are
> > the ones that can make the difference.....so why not start?
>
> The best place to start, IMNSHO, is by not insulting your customer
> base. I don't use IE, ActiveX or Java because I choose not to, not
> because I am some ignorant, incompetent, misinformed buffoon. That is
> one of the beauties of the current world. Being able to choose which
> browser to use, which email client to use, and which sites are allowed
> to have access to the data on my HD.
>
> I haven't tried your ActiveX process utility, because 1) using it is
> such a PITA with my setup, and 2) I have several other utilities that
> do the same thing without ActiveX. IE is not my default browser, and
> so your utility is not usable from your GUI. In order to use it, I have to
>
> 1) Open the page in FF.
> 2) Set IE's security to default settings (everything enabled).
> 3) Open IE.
> 4) C&P the link into IE.
> 5) Download the ActiveX control.
> 6) Run the utility.
> 7) Close IE.
> 8) Lock IE down again (Enough is Enough!).
>
> As I said, a real PITA for a redundant utility. If I remember next
> month when I use Microsoft Updates, I will try your utility before I
> put IE away for another month.
>
> I consider you, Nick, to be a stand-up guy and a friend, and I
> consider SAS to be a great product. And I will continue to promote SAS
> as a worthwhile AS solution, freeware and/or Pro. I don't care if you
> develop ActiveX controls for your utilities, just please don't insult
> those of us who choose not use them.
>
> I would like you to do me a favor. When you post your blog about
> "setting the record straight about ActiveX", take a poll among your
> readers as to which browser(s) they are using. From my experience, I
> would be shocked, absolutely shocked, if IE was exclusively used by
> over 30% of those who frequent the security NGs and fora such as yours.
>
> With the release of IE7, ActiveX is now optin. That means that by
> default, for the first time in the history of ActiveX/IE, ActiveX is
> disabled. I will leave it to the interested reader to determine which
> of the above groups of Windows users is qualified to know how and when
> to enable it.
>
> It would appear that Microsoft has decided to go a different direction
> WRT to ActiveX. Those who are interested can Google for replacing
> ActiveX controls with user forms, .NET and several other options.
> Justified or not, this would appear to be the reality.
>
> Back in late 90s, before Firefox and Opera got their feet in the door,
> this was the mantra.
>
> The browser wars are over, and IE won. Get over it.
>
> Allow me to be the first.
>
> With the release of IE7, ActiveX is dead. Get over it.
>
> Ron
Ron,
I am not trying to upset anyone - I am very thankful for all of the
support this, and other groups, have provided for me and my products. I
think my 99% issue was misread - I said "There are two browsers in use
by 99% of the surfing public" - Internet Explorer and Firefox - I
didn't say 99% used IE
For instance, our stats as of right now today on SUPERAntiSpyware.com
is 79.74% Internet Explorer, 19.2% Firefox/Mozilla and the balance
everything else, just FYI. The SUPERAdBlocker.com stats are about the
same with IE @ 82.1% and FireFox/Mozzilla @ 17.3%
I also didn't say, and I hope didn't imply, anyone was a "baffoon" or
"ignorant" because they did or didn't use ActiveX - I stated that
ActiveX was not bad - and simply have issue with the blanket "ActiveX
is bad".
My point is that ActiveX is not bad - neither is XPI/XPCOM - both are
great technologies that are useful. Any technology can be exploited.
I am not sure ActiveX will be "dead" with the release of IE7, as there
are still some native things that can't be done with the other methods
- but either way it will play out how it does
-Nick
Nick Skrepetos wrote:
[snip]
> You have touched on one of the biggest problems today - the
> misinformation regarding technologies such as "ActiveX" - ActiveX is
> not bad
activex is an active content technology whose use (at least in the
context of the world wide web) generally follows the pattern of
automatic execution as soon as you render the page... *that* is bad, but
it's not unique to activex...
> - it in fact has many viable and productive uses such as what
> we do with it on our File Research Center, and online virus,
> anti-spyware scanners, etc. etc. etc.. The XPI/XPCOM plugin
> architecture in Firefox shares the same risks as ActiveX does for the
> Internet Explorer platform. If a user installs it - the plugin has free
> reign on the system.
in some ways activex risks mirror those of xpi risks in the gecko engine
(specifically when you're dealing with new intentionally malicious
activex controls), but in others they more closely resemble risks from
javascript or java in the sense that they form an API that can be used
for good or bad things (the system can and generally does have a variety
of legitimate activex controls already on it that have been specifically
marked safe for scripting even though they aren't)...
[snip]
> What needs to happen is education - not the, typically uneducated,
> propaganda of saying "ActiveX is bad". I think this will make a great
education is not all that needs to happen... finer grained (and more
intuitive) controls are also needed to prevent automatic execution of
this sort of active content on untrusted sites... and the way new
activex controls are presented should be changed to more accurately
denote the fact that they're essentially new software and carry many of
the same risks as any other software download...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote